WMI calls from a WebService
So I have made a webservice that interfaces with a set of data contained in a WMI namespace. It works fine when I run it with the ASP.net inbuilt development web server, and returns the data as requested. However when I publish it to an IIS 6 server (win 2003), the webservice no longer allows me to execute the WMI method calls. However it does let me still read from it.
Instead it gives me:
    System.Management.ManagementException: Access denied
       at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
       at System.Management.ManagementObject.InvokeMethod(String methodName, ManagementBaseObject inParameters, InvokeMethodOptions options)
       at System.Management.ManagementObject.InvokeMethod(String methodName, Object[] args)
I have tried to fix this (and yes I know this is a bad practice but I just wanted to see if it would work) by adding the "Everyone" group to that WMI namespace's security settings and giving them full permissions (which includes execute). Then resetting IIS. However I still get this error.
Anyone got any ideas?
Comments (2)
Well, technically, Everyone and "Authenticated Users" are different.
Everyone includes the "guest" account and "guests" group, null and anonymous connection. Everyone is everyone. "Authenticated Users" is anyone who's presented credentials. Slightly subtle, but important.
If guest is disabled, then I believe they are for all practical purposes identical, although Everyone might include "null" and "anonymous" sessions.
Running with IIS as a 'proper' user account should work.
The 'everyone' group doesn't mean 'absolutely everyone' -- it means 'every authenticated user'. If you can't authenticate you are still not part of everyone. If you are going after a WMI resource which requires network rights then it will still fail.
Other than that maybe accessing WMI requires a user right that the default account IIS is running as doesn't have.
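Added example (not part of the original posts): a C# diagnostic that reports which Windows account the web service code actually runs as under IIS, and whether that token carries the Everyone, Authenticated Users or Anonymous SIDs the two comments discuss. The class and method names are hypothetical; the assumption is that it is called from the web method just before the failing InvokeMethod call and its output written to a log.

```csharp
using System;
using System.Security.Principal;
using System.Text;

// Hypothetical helper: describes the security token the current thread/process runs under.
public static class WmiCallerDiagnostics
{
    // Well-known SIDs referred to in the comments above.
    private static readonly SecurityIdentifier Everyone =
        new SecurityIdentifier(WellKnownSidType.WorldSid, null);              // S-1-1-0
    private static readonly SecurityIdentifier AuthenticatedUsers =
        new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);  // S-1-5-11
    private static readonly SecurityIdentifier Anonymous =
        new SecurityIdentifier(WellKnownSidType.AnonymousSid, null);          // S-1-5-7

    public static string Describe()
    {
        // Returns the impersonated identity if the thread is impersonating,
        // otherwise the worker process identity.
        WindowsIdentity id = WindowsIdentity.GetCurrent();

        StringBuilder sb = new StringBuilder();
        sb.AppendLine("Account:             " + id.Name);
        sb.AppendLine("IsAuthenticated:     " + id.IsAuthenticated);
        sb.AppendLine("IsAnonymous:         " + id.IsAnonymous);
        sb.AppendLine("IsGuest:             " + id.IsGuest);
        sb.AppendLine("IsSystem:            " + id.IsSystem);
        sb.AppendLine("Impersonation level: " + id.ImpersonationLevel);
        sb.AppendLine("Everyone in token:            " + InToken(id, Everyone));
        sb.AppendLine("Authenticated Users in token: " + InToken(id, AuthenticatedUsers));
        sb.AppendLine("Anonymous Logon in token:     " + InToken(id, Anonymous));
        return sb.ToString();
    }

    // True if the SID is the token's user or one of its enabled groups.
    private static bool InToken(WindowsIdentity id, SecurityIdentifier sid)
    {
        if (id.User != null && id.User.Equals(sid)) return true;
        if (id.Groups == null) return false;
        foreach (IdentityReference group in id.Groups)
        {
            if (group.Equals(sid)) return true;
        }
        return false;
    }
}
```

Comparing the output from the development web server with the output under IIS 6 shows whether the two runs use different accounts, which is the difference the second comment points at.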